folder security nightmare to allow .ldb file deletion

G

Guest

I read the following...

"If you plan to share a database, the .mdb file should be located in a
folder where users have read, write, create, and delete privileges."

(from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files in
Access 2000)

My worst nightmare has finally occured: someone deleted the .mdb file being
shared. (Lucky for backups.)

How do you prevent mischief and/or clutsyness from playing havoc with the
folder in whcih the shared database file is located if you have to leave its
permissions wide open for it.

Am I doing something wrong?

Gerald Petron
 
J

Joan Wild

You need to beat up the user that did this.

OK, that may not go over well; you could remove the delete permission on the folder. The ldb won't get deleted, and you may occasionally have to delete it (signed in as a user who does have permission to delete it), if you have problems.

Another option is to hide the folder, so that users can't get to it so easily. You use
\\servername\share$ rather than \\servername\share to hide it. They could still get to it using Windows Explorer, but they'd have to know the path (so don't tell them)
 
D

Douglas J. Steele

Of course, the file permissions will be changed every time you compact the
database.

Depending on the user permissions, MichKa has a solution to that issue at
http://www.trigeminal.com/codes.asp?ItemID=25#25

--
Doug Steele, Microsoft Access MVP

(no private e-mails, please)


You need to beat up the user that did this.

OK, that may not go over well; you could remove the delete permission on the
folder. The ldb won't get deleted, and you may occasionally have to delete
it (signed in as a user who does have permission to delete it), if you have
problems.

Another option is to hide the folder, so that users can't get to it so
easily. You use
\\servername\share$ rather than \\servername\share to hide it. They could
still get to it using Windows Explorer, but they'd have to know the path (so
don't tell them)
 
D

David W. Fenton

I thought the file would inherit permissions from the folder?

Only in a file system copy operation.

One trick might be to automate your compact such that you compact to
a file in a different folder with no delete permissions, and then
*move* the file back to the original location. Move operations
retain permissions, while copy inherits.

I don't know if that would work -- just an idea.
 
D

Douglas J. Steele

Sorry: I missed the fact that you were suggesting that delete permission be
removed from the folder. I thought you were suggesting that it be removed
only from the file.

--
Doug Steele, Microsoft Access MVP

(no private e-mails, please)


I thought the file would inherit permissions from the folder?
 
G

Guest

SOLUTION! (2 steps)
1. We removed the "delete" privelege from the folder.
2. We have another database linked to just one of the tables of the shared
database on a 24hour-7days/week basis that does only one thing: KEEPS THE
..ldb FILE THERE ALL THE TIME.

Now, anybody can log in, and when they log out, they're never the last one
becuase of the continous 24-7 link.

Thanks everybody.

Jerry Petron
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top